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Amendments to the Claims: 

This listing of claims replaces all prior versions, and listings, of claims in this application. 
Listing of Claims: 

1 . (Currently Amended) A method for identifying data state anomalies capable of 
causing a catastrophic failure in a continuously operating software systern, said method 
comprising the steps of: 

inserting an assertion into the software system: 

injecting a first data state anomaly into the software system; 

running the software system after the data state anomaly has been injected; 

with the assertion, trapping values that are known to produce hazardous outputs: 

checking for an unacceptable output fi*om the software; and 

logging the unacceptable output if an unacceptable output is observed. 

2. (Original) The method of claim 1, wherein the continuously operating software system 
comprises a safety-critical system and the unacceptable output comprises a hazardous output. 

3. (Original) The method of claim 1, wherein the continuously operating software system 
comprises a web site system. 

4. (Original) The method of claim 1, wherein the unacceptable output comprises an 
undesired output. 
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5. (Original) The method of claim 1 , wherein the unacceptable output comprises an 
unacceptable performance property. 

6. (Original) The method of claim 1, wherein the unacceptable output comprises an 
unsafe shutdown of the software system. 

7. (Original) The method of claim 1, further comprises the step of stopping the software 
system if an unacceptable output is observed. 

8. (Original) The method of claim 1 , further comprising repeating each of the steps using 
a second data state anomaly, said second data state anomaly different than the first data state 
anomaly. 

9. (Original) The method of claim 1, ftirther comprising the step of stopping the software 
system if a pre-determined period has elapsed without an unacceptable behavior being observed. 

10. (Currently Amended) The method of claim 9, wherein the pre-determined period 
comprises a time period. 

1 1 . (Currently Amended) The method of claim 1 1 , wherein the pre-determined period 
comprises a predeterrriined number of iterations of the software system. 
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12. (Canceled) 

13. (Original) The method of claim 12, further comprising the step of inserting a 
corrective action into the software system, said corrective action comprising a response to the 
assertion. 

14. (Currently Amended) A method for estimating a safe operating period for a 
continuously running software system, said method comprising the steps of: 

initializing the software system , the software system having inserted therein an assertion : 
running the software system for a first pre-determined period; 
pausing the software system; 

injecting a first data state anomaly into the software system; 

running the software system after the data state anomaly has been injected; 

with the assertion, trapping values that are known to produce hazardous outputs: 

checking for an unacceptable output from the software system; 

stopping the software system and logging the unacceptable output if an unacceptable 
output is observed; and 

stopping the software system if a second pre-determined period has elapsed without an 
unacceptable behavior being observed. 
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1 5. (Original) The method of claim 14, further comprising repeating each of the steps 
using a second data state anomaly, said second data state anomaly different than the first data 
state anomaly. 

1 6. (Original) The method of claim 1 5, wherein the first pre-determined period is 
changed prior to repeating the steps. 

17. (Original) The method of claim 14, wherein the first and second pre-determined 
periods comprise time periods. 

18. (Original) The method of claim 14, wherein the first and second pre-determined 
periods comprise iterations of the software system. 

19. (Canceled) 

20. (Original) The method of claim 14, wherein the step of logging the hazardous output 
comprises writing a plurality of information to a log file. 

21 . (Original) The method of claim 20, wherein the plurality of information comprises a 
time stamp. 
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22. (Original) The method of claim 20, wherein the plurality of information comprises an 
iteration count. 

23. (Original) The method of claim 20, wherein the plurality of information comprises 
the first data state anomaly. 

24. (Original) The method of claim 20, wherein the plurality of information comprises a 
time stamp and the first data state anomaly. 

25. (Original) The method of claim 20, wherein the plurality of information comprises an 
iteration count and the first data state anomaly. 

26. (Original) The method of claim 20, further comprising the step of analyzing the 
plurality of information in the log file to determine a safe operating period for the continuously 
operating software system. 

27. (New) The method of claim 1, fiirther comprising: 

running the software system for a first period Y and thereafter injecting the first data state 
anomaly; 

running the software for a second period Q; and 

if no unacceptable output is observed, setting a safe operating duration to a period 
substantially the same as the sum of Y and Q. 
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28. (New) The method of claim 14, fiirther comprising setting the safe operating period 
to a period that is substantially the sum of the first and second pre-determined periods. 



